dc.creator | Varela Vaca, Ángel Jesús | es |
dc.creator | Martínez Gasca, Rafael | es |
dc.date.accessioned | 2022-11-22T11:49:32Z | |
dc.date.available | 2022-11-22T11:49:32Z | |
dc.date.issued | 2013 | |
dc.identifier.citation | Varela Vaca, Á.J. and Martínez Gasca, R. (2013). Towards the automatic and optimal selection of risk treatments for business processes using a constraint programming approach. Information and Software Technology, 55 (11), 1948-1973. https://doi.org/10.1016/j.infsof.2013.05.007. | |
dc.identifier.issn | 0950-5849 | es |
dc.identifier.issn | 1873-6025 | es |
dc.identifier.uri | https://hdl.handle.net/11441/139673 | |
dc.description.abstract | Context: The use of Business Process Management Systems (BPMS) has emerged in the IT arena for the automation
of business processes. In the majority of cases, the issue of security is overlooked by default in these systems, and
hence the potential cost and consequences of the materialization of threats could produce catastrophic loss for
organizations. Therefore, the early selection of security controls that mitigate risks is a real and important
necessity. Nevertheless, there exists an enormous range of IT security controls and their configuration is a human,
manual, time-consuming and error-prone task. Furthermore, configurations are carried out separately from the
organization perspective and involve many security stakeholders. This separation makes it difficult to ensure the
effectiveness of the configuration with regard to organizational requirements.
Objective: In this paper, we strive to provide security stakeholders with automated tools for the optimal selection of
IT security configurations in accordance with a range of business process scenarios and organizational multi-criteria.
Method: An approach based on feature model analysis and constraint programming techniques is presented, which
enables the automated analysis and selection of optimal security configurations.
Results: A catalogue of feature models is determined by analyzing typical IT security controls for BPMSs for the
enforcement of the standard goals of security: integrity, confidentiality, availability, authorization, and
authentication. These feature models have been implemented through constraint programs, and Constraint
Programming techniques based on optimized and non-optimized searches are used to automate the selection and
generation of configurations. In order to compare the results of the determination of configurations, a comparative
analysis is given.
Conclusion: In this paper, we present innovative tools based on feature models, Constraint Programming and multi-objective techniques that enable the agile, adaptable and automatic selection and generation of security
configurations in accordance with the needs of the organization. | es |
dc.description.sponsorship | Junta de Andalucía P08-TIC-04095 | es |
dc.description.sponsorship | Ministerio de Educación y Ciencia TIN2009-13714 | es |
dc.format | application/pdf | es |
dc.format.extent | 26 | es |
dc.language.iso | eng | es |
dc.publisher | Elsevier | es |
dc.relation.ispartof | Information and Software Technology, 55 (11), 1948-1973. | |
dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 Internacional | * |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/ | * |
dc.subject | Business process | es |
dc.subject | Business process management systems | es |
dc.subject | Security | es |
dc.subject | Risk treatment | es |
dc.subject | Constraint programming | es |
dc.subject | Feature model | es |
dc.title | Towards the automatic and optimal selection of risk treatments for business processes using a constraint programming approach | es |
dc.type | info:eu-repo/semantics/article | es |
dc.type.version | info:eu-repo/semantics/submittedVersion | es |
dc.rights.accessRights | info:eu-repo/semantics/openAccess | es |
dc.contributor.affiliation | Universidad de Sevilla. Departamento de Lenguajes y Sistemas Informáticos | es |
dc.relation.projectID | P08-TIC-04095 | es |
dc.relation.projectID | TIN2009-13714 | es |
dc.relation.publisherversion | https://www.sciencedirect.com/science/article/pii/S0950584913001286?via%3Dihub | es |
dc.identifier.doi | 10.1016/j.infsof.2013.05.007 | es |
dc.contributor.group | Universidad de Sevilla. TIC-258: Data-centric Computing Research Hub | es |
dc.journaltitle | Information and Software Technology | es |
dc.publication.volumen | 55 | es |
dc.publication.issue | 11 | es |
dc.publication.initialPage | 1948 | es |
dc.publication.endPage | 1973 | es |
dc.contributor.funder | Junta de Andalucía | es |
dc.contributor.funder | Ministerio de Educación y Ciencia (MEC). España | es |